Help Find the People Who Killed Ulf Möller

Posted on February 20, 2012 by adam

The family of Ulf Möller are asking for help in finding the people who murdered him, and asking for help spreading the word:

They have a web site with details in English, German, Polish and Lithuanian:

The two men are described as slim, both about 1.75 m to 1.80 m tall, between 20 and 30 years old. One of them was wearing a dark jacket with a fur-like hood. The surveillance cameras took clear pictures of his face. The other killer was wearing a noticeable light blue quilted Nike-brand jacket.

We are grateful for any help in finding the murderers. Clues can be reported to the German police (Polizeidirektion Sachsen-Anhalt Ost, who are leading the investigation) by calling +49 340 6000 293, by sending e-mail to lfz.pd-ost@polizei.sachsen-anhalt.de, or by visiting any German police station. If you prefer, you can email us directly at mail.ulfm@googlemail.com.

Help us find the people who killed Ulf.

Killer1

It’s a Lie: Seattle Taxpayers Will Pay for a Staduim

Posted on February 20, 2012 by adam

The Seattle Times carries a press release: “Arena plan as solid as it looks?”

The intricate plan offered for an NBA and NHL arena in Sodo hinges on the untested strategy of building a city-owned, self-supporting arena, without the aid of new taxes, and with team owners — not taxpayers — obligated to absorb any losses.

This not only a lie, it is a blatant lie, contradicted by statements later in the article:

…Seattle and King County would finance $200 million — likely in bonds — to cover construction costs. The city would recoup its money through lease payments and the taxes on everything from tickets to concessions from the arena.

Let me translate that into plain English. The taxpayers of Seattle and King County would sign a bond. We’d be obligated to pay it back if or when the ~~Supersonics~~ new team leaves town. Also, let me comment that the use of “would” is inaccurate. The word that the writers sought and were unable to come up with is “might”, as in: “the city might recoup its money…”

One more quote:

It’s hard to argue against the idea of an arena that pays for itself.

It’s even harder to guarantee it, though.

Actually, it’s easy to guarantee that the arena pays for itself, or at least that the taxpayers don’t pay for it. The builders finance the arena. See how easy that is? They issue the bonds, they reap the profits. Then the people of Seattle and King county are guaranteed to not be on the hook.

Pretty simple, if the Seattle Times would stop relaying lies about who’s on the hook for bonds issued by Seattle or King County.

Look, while I’m opposed to having to sit in traffic for yet more sporting events, I shouldn’t have a say in how these folks spend their money. The arena backers should feel free to spend their money, plus as much as anyone will loan them, to build a stadium, buy a team, or hold a parade. That’s what freedom is about. But the people of Seattle should not carry any of the risk. The money should be entirely private.

Maybe the plan can’t work without Seattle bearing some of the risk. If that’s the case, that’s because this isn’t the sure thing that its backers want us to think. It means that the bankers see this as a risky thing, and want to transfer that risk to some sucker. I don’t want to be the sucker who’s paying for a failed deal. Do you?

Twitter Weekly Updates for 2012-02-19

Posted on February 19, 2012 by adam

RT @csoghoian If Path-like apps that pilfered user contact data suffered a data breach, existing laws wouldn't require disclosure to users. #
New quickie blog: Bismark's Voice http://t.co/zk01Biec #
RT @paulmadsen Sharingfreude, n. – pleasure derived from inadvertent sharing of personal information on social media by friends & colleagues #
.@dakami @jeremiahg @tqbf see also Carl Ellison's work on "Ceremony Analysis"– it's broader than a ux issue, into mental models #
Bruce Schneier was kind enough to link my "Dear Verisign, Trust Requires Transparency" blog post http://t.co/iAZKFX1g so I've updated it #
Short form: We still don't know who knew what when about the Verisign breach http://t.co/iAZKFX1g #
Bruce Schneier was kind enough to link my "Dear Verisign, Trust Requires Transparency" blog post http://t.co/iAZKFX1g so I updated it #
RT @lennyzeltser An example of an SMS #phishing message that pursues Verizon Wireless logon credentials: http://t.co/Gk0o1IUh #
RT @jeremiahg "Senate Passes Bill Allowing Airports To Evict TSA Screeners" http://t.co/VvdXyxo8 <an airport w/o TSA is very attractive #
RT @FAQShop [TechNet Blogs] Elevation of Privilege – we made a card game for developers! Welcome to Tuesday article http://t.co/I3z7Oj2S #
I'm looking for interesting analysis of the Collins-Leiberman security bill: http://t.co/ARsWtIn6 #
"Cheating is encouraged" http://t.co/YvUqbaY2 #
RT @PrivacyMemes Twitter Is The Latest Company To Admit It Uploads Your Address Book http://t.co/QFUxSezG < Time for a law? A tort? #
Wow, the new Twitter is both ugly and less customer-centered. #FAIL #
RT @KimZetter TSA Denies it Targets Attractive Female Passengers for Body Scans http://t.co/MT4SPWCN << Except the claim was "nice figure" #
RT @mtanji @KimZetter Of course there is no "policy" to target the hawtness, that's merely the practice once humans are put in the loop. #
RT @BlackHatEvents Black Hat EU 2012 Schedule is out! http://t.co/d1zdTqQD #
RT @MSFTsdl The Evolution of Elevation: Threat Modeling in a #Microsoft World http://t.co/SScd3vWW by @danaepp #security #
RT @singe Worried about AddressBook privacy on iOS? Check out AdiOS http://t.co/SS38Aha8 & Gorilla http://t.co/8l1K0mnF (latter requires JB) #
RT @rsingel .@jerrybrito on how transparency might be better for infrastructure security than regulation: http://t.co/dHShX23e < like #
RT @singe Have any of you ever worked on a project where privacy controls were part of the requirements spec? << both at ZKS & Microsoft #
RT @Wh1t3Rabbit I think I have a new game for those speakers coming to OWASP AppSecAPAC …shoot me a note if you want to play < yay, games! #

Bismark’s Voice

Posted on February 13, 2012 by adam

Tucked away for decades in a cabinet in Thomas Edison’s laboratory, just behind the cot in which the great inventor napped, a trove of wax cylinder phonograph records has been brought back to life after more than a century of silence.

The cylinders, from 1889 and 1890, include the only known recording of the voice of the powerful chancellor Otto von Bismarck. Two preserve the voice of Helmuth von Moltke, a venerable German military strategist, reciting lines from Shakespeare and from Goethe’s “Faust” into a phonograph horn. (Moltke was 89 when he made the recordings — the only ones known to survive from someone born as early as 1800.)

“Restored Edison Records Revive Giants of 19th-Century Germany” NYTimes, Jan 30, 2012.

Nothing to add. Just way cool.

Twitter Weekly Updates for 2012-02-12

Posted on February 12, 2012 by adam

RT @tkeanini Overcoming the fear of disclosure http://t.co/DZdkeyNh << TK is spot on. Our fear blocks feedback loops. #
MT @qld_oic ..empowering young people to establish good cyber safety behaviour #oicprivacycomp http://t.co/vkr3VZ3A [$1000 prize for video] #
RT @mortman Yet More On Threat Modeling: A Mini-Rant http://t.co/ZPxVa9HE cc @adamshostack @alexhutton #newschool #
RT @securityskeptic @mortman The danger of comparing security to a silver bullet is that there's no #killshot in security << APT!!! #
RT @WeldPond I suggest regular auditing against known weak passwords with L0phtCrack :) http://t.co/3w9HhKm4 #
RT @jack_daniel Rereading New School of Information Security, we're talking to @adamshostack on @pauldotcom this week. Great little book. #
I'm on @pauldotcom this Thursday, 3PM Seattle time. #
RT @fivethirtyeight When the data and your model clash, it's usually not the data's fault. #
RT @caitlynkorb @Jim_Harper declares an #Everify rebellion. Grab your pitchforks! http://t.co/545ed12q #nationalID #realID #immigration #
New blog: "Have you seen the little piggies?" http://t.co/nH7HxlgL #
RT @msftcitizenship Record breaking year for @microsoft employees with $100.5 million to nonprofits in 2011! http://t.co/8qfOpZVF #
Wow. 12 USB best practices, and nothing on autorun. How was that list generated, @RSAConference @wireheadlance @infosecisland? #
Infosec will only break out of the echo chamber and get results by subjecting our practices to empirical testing. #
RT @jayjacobs: patterns produce #datagasm http://t.co/1Udq6yhw looking forward to the 2012 #DBIR < No fair showing graphs without labels! #
RT @pauldotcom RT @InternMike: @adamshostack on tonight's @pauldotcom Ep. 277 6PM ET: http://t.co/GrMnG5t6 #
RT @dakami Prediction: Drivers remotely monitored by insurers will end up with higher accident, claim, & injury rates than unmonitored. #
RT @egoodman History Dept. needs help breaking code in a Civil War-era diary. Do it. This is what the Internet is for. http://t.co/duTdxyxq #
Hey, I'm about to be on http://t.co/JRACOWSK! Come listen in and hang in the chatroom! #
RT @_nomap UC Berkeley study analyzes the costs unintended consequences of a biometric worker ID system in the US http://t.co/kQRaqaP6 [PDF] #
RT @danwallach I blog about the new IEEE Security & Privacy copyright agreement. https://t.co/dl9LqOdy < Important for academics & the field #
hmmm, when I anonymize a paper w/ copy & paste, I end up w "Organization Word." Maybe I should leave that in, \footnote{anonymity is hard} #

Have You Seen The Little Piggies?

Posted on February 8, 2012 by adam

Vermont Police Cars as done by a Prisoner

Apparently, the project manager who found a vendor for the Vermont State Police car decals failed to consider a few things. Such as the risk that prisoners might want to have a little fun at the expense of the police.

You can see the fun if you study the image carefully here, or in a larger version at MSN Photoblog.

Twitter Weekly Updates for 2012-02-05

Posted on February 5, 2012 by adam

RT @Entropologist Passwords should be a mix of letters, numbers, special characters and longer than 8 characters… like "' or 1=1;–" #
RT @ioerror Researchers taking a stand against Elsevier: http://t.co/TMZqj2E9 #
RT @ashk4n Even experts are having a hard time differentiating between android malware & mobile ads these days http://t.co/t5qAQANP #
Tinker, Tailor is amazing and wraps up very neatly at the end. Too neatly. I think there's a mole on the screenwriting team. #
New blog: "Yes, Google+ Is a Failure" follows up on "Google+ Failed Because of Real Names" http://t.co/0hYfNxXX #
RT @AdrianChen At Google, we want to simplify things. So we're combining our 40 different services into a single INESCAPABLE GORGON'S STARE. #
RT @jeremiahg "China Hackers Target Law Firms as Back Doors in Search for Deal Data" http://t.co/mO3PFURn <Mandiant says 80 firms last yr #
RT @jeremiahg I wonder how a breach of a law firm is affected by attourney-client priviledge. << good q! Fact of breach is not advice? #
RT @BlackHatEvents Just announced for #BlackHat USA: acclaimed author @nealstephenson to keynote 2012- read here: http://t.co/4p2J1abm #
RT @dakami: should be a yearly award for Best Security Data, [...] best collection and disbursement of hard data and cogent analysis < YES #
RT @real_life_CISO suspect that their clients need to determine materiality and notify their shareholders accordingly. Bet most won't… #
New blog "More on Real Names Policies" http://t.co/KeqjQ35M #
RT @josephmenn At least VeriSign confessed in fine print. Many didn't. Hacked companies still not telling investors http://t.co/xmCeH6we #
RT @samablog Fuck the NFL. They're as bad as the TSA. Maybe I should protest by refusing to watch. http://t.co/r5WfgtRa #
I love it! Moar games please! @jeremiahg @mattjay @manicode define a goal & audience, then get @jesseschell's book. Email me for more #
RT @msftsdl Evolving Secure Code at #Microsoft and Beyond http://t.co/i6TJPTj0 by Steve Lipner #TwCNext #SDC2012 #BITS #
Looking for more ideas on "Time for an Award for Best Data?" http://t.co/Mph30gKn #
RT @mortman Google Droids, Happy Friday http://t.co/zllR3kwL #
Just to this amazing article by @Beschizza on Twitter's mis-direction & newspeak around their censorship policy. http://t.co/n02us2wU #
RT: @VERISIGN Our statement on the 2010 security breach http://t.co/B1SkDDWl << Verisign should release the detailed investigation report #
New blog: "Dear Verisign, Trust Requires Transparency" http://t.co/iAZKFX1g #
New blog: "Dear Verisign, Trust Requires Transparency" http://t.co/iAZKFX1g (cc @josephmenn @thedarktangent @rmogull @mortman @jack_daniel) #
"Why are we only hearing about the @Verisign breach now?" in Time's techland blog: http://t.co/no4Cp2eg #
RT @Stepto New Post on my blog: In Which I leave Microsoft. http://t.co/lNebkU10 < I'm sad and excited for you at the same time #
Why does the National Academy of Sciences need to charge me $10 for a PDF that Scribd would serve for free? How does that advance science? #

More on Real Name Policies

Posted on February 1, 2012 by adam

There were a couple of excellent posts about Google+ which I wanted to link in, but the post took a different path:

“Google+ and The Trouble With Tribbles”

The trouble with social is that it is social – with all the norms, behaviors and expectations that come with that. You cannot re-engineer that overnight (Facebook is being far more successful in doing so using far more insidious means). Facebook also has a policy of Real Names, but it realizes that to make the social work you have to cater to the psychology of the users. So there are no identity verification processes, no automatic suspension of accounts and schemes that entice us to provide real data instead of telling us to do so. The fidelity of the data is proven by it’s socially verified reputation, not because there is a policy document that can be pointed to (at the end of the day, a much more robust and legitimate mechanism).
“For Ceorl Onlyone, thanks…”

“As I’ve said previously, I left Facebook and Google+ because I could see the direction and I discerned the narrowing that indicates both subtle and direct attacks upon choice and privacy. I left because my presence was a reason for my family, friends, and peers to remain.
“The Social Graph is Neither.”
There’s no clear pull quote, but boy is this a great de-construction of the phrase (and product name) “the social graph”. Read it carefully, and you’ll never hear those words the same way.
In a number of places, including “Take back the comments: stop online harassment” and comment on “Why it Matters: Google+ and Diversity, part 2,” Kathy Sierra says:

Keep the pseudonyms and lose the assholes.

Previously: “Google+ Failed Because of Real Names” and “Yes, Google+ Is a Failure“

Yes, Google+ Is a Failure

Posted on January 30, 2012 by adam

One of the most common bits of feedback about my post “Google+ Failed Because of Real Names” is that Google+ is now a huge service, and that the word failed is an exaggeration, or a trick of the rhetorician.

Some folks might advise me to stop digging a hole, put down the shovel and walk away. But
I’m going to pick up that shovel, and try to convince you that I’m not exaggerating. Google+ may not be a New Coke level failure, it may be a successful failure, but it’s a failure nonetheless.

The goal of Google+ is to dominate the social network space, replacing Facebook, LinkedIn and Twitter, and building a moat around Google’s core business of advertising. That moat ought to consist of Google having more information about you than the CIA does (ok, that’s hyperbole. The CIA can’t store that much info). The moat ought to be that Google can show your wallet-name ads that tug at your wallet-strings.

Do you really think that Google wanted to enter this market to play second-fiddle to Facebook? Do you think that Google is happy that Facebook is going to pop out in the biggest IPO in history real soon now, giving them a massive war chest?

I think that the answer is fairly obviously a no. Now, you could argue that Google+ is en route to topple Facebook. That Google will take three tries to get it right or something, like they did with Search and Mail and Maps. (Oh, wait, they didn’t take three tries on any of those.)

What’s more, I don’t think that no was pre-ordained because of Facebook’s massive user-base. People were willing to show up at Google+ and explore. And that exploration rapidly foundered on the nymwars.

I think the system could and should have done better, if Google wasn’t so hell-bent on controlling what name people could display for themselves.

Twitter Weekly Updates for 2012-01-29

Posted on January 29, 2012 by adam

Vincent Brown (@politico_ie) should be given an uninterrupted hour with the ECB execs: https://t.co/SZYOtveo #
RT @marciahofmann Supreme Court: government installation & use of a GPS device to monitor a vehicle's movements is a 4th Amendment search. #
RT @normative RT @thinkprogress: BREAKING: Rand Paul is being detained by TSA in Nashville (via @moirabagley) < Nudatrons a campaign issue? #
How do we win the fight against nude scanners in America? Does it help that @senrandpaul and @ronpaul are paying attention? #
RT @BlackHatEvents First Round of #BlackHat EU Briefings have been announced. Check out the early selections here: https://t.co/eF9URe7R #
I'm particularly excited by the HDMI & SSL Intercept proxy talks, but @WeldPond's talk also looks really interesting. #blackhat #
RT @MSFTsdl Check out a demo of the SDL Threat Modeling Tool #MSFT #SDL http://t.co/0k29g47I by @adamshostack #
New blog: "Vendor Shout Out: Gourmet Depot" http://t.co/VbneQAIX #
RT @mortman I just love getting getting spam via linkedin << Help perk up @mortman's day! :) #
RT @ioerror A write-up of UK and USA censorship of the Tor Project website: https://t.co/zzcLYdoC #
Let me see if I understand this, @O2. Previously, you were censoring the web and not admitting it, now you admit it? #
RT @josephmenn Whom to follow in cybersecurity. Congrats to @briankrebs, @adamshostack, @jack_daniel, @taosecurity etc. http://t.co/Lq2upZO5 #
RT @jdp23 A3: Infomediaries …. they're baaaaaack! #privchat << infomediaries are the PKI of privacy–always gonna be the year of PKI #
RT @mortman @WeldPond Here you go http://t.co/cAZERJkv << We should really check for Javascript off & say congratulations. :) #
RT @thedarktangent New #DEFCON 20 CTF information to be posted end of the month, we are growing the contest and helping the teams out! #
RT @singe Since awareness of Google's creepy data collection is about to be newstormed. Please highlight GoogleSharing http://t.co/BoSySekb #
RT @singlyinc In support of women in open technology, Singly is matching donations to @adainitiative until Thursday! http://t.co/1bWMZ9oc #
RT @briankrebs If you're a customer of mobile provider O2, apparently anyone can snarf your mobile # when you browse http://t.co/MStGOUCJ #
RT @mortman RT @jeremiahg: Interesting concept, "Open Security Audits" http://t.co/tdCXfOGH <– Now _that_ is #newschool cc @adamshostack #
RT @SpireSec Plugged one of my favorites about patch timing in my vuln post: http://t.co/qU5ycCZf <- Thanks! #
New blog: "Google+ Failed Because of Real Names" http://t.co/JFaa1EqR #
New blog: "Google+ Failed Because of Real Names" http://t.co/JFaa1EqR /cc @3ricj #
RT @ashk4n Seems like opportune time to update our '88% Google Coverage map' to incl mobile, social, payments, etc http://t.co/vOXrZYCR #
RT @m3sweatt seems so. And @google still discriminates against what the call "common names", like mine: http://t.co/VCK8rXao @3ricj #
RT @Kym_Possible Tech game at MITRE booth has tablets for prizes… Go play! #shmoocon << Games have no place in security! #
RT @LaraSee Did you know that the House of Angostura represents 3% of Trinidad and Tobago’s entire non-petrochemical manufacturing GDP? #
The Phantom Menace in 3D? Yeah, that's what that movie was missing. depth of character. #

Emergent Chaos

The Emergent Chaos Jazz Combo

Author Archives: adam